CheckRecipient: Using AI to Solve a Simple, But Big, Law Firm Problem

AI-driven cyber security start-up, CheckRecipient, may seem at first glance to be a very simple application: it stops you from sending emails to the wrong people. Yet, dig a little deeper and one finds a niche in the legal tech space ripe for development.

Riz Noor, a growth advisor who has done work for CheckRecipient, reached out to Artificial Lawyer to explain just why the start-up is so relevant to the legal sector.

First, what makes CheckRecipient interesting is that it uses machine learning to better understand what should be the right profile of approved email recipients in a law firm. That is to say, it doesn’t just provide a ‘banned list’ of ‘don’t email’ addresses.

Instead, the system scans metadata of the law firm’s historical emails and studies the patterns and types of addresses within them. It also examines the networks of relationships between clients and lawyers in the firm.

When a communication seems to break an established pattern it notices it. The system can even send a ‘silent message’ to whoever in the firm is responsible for monitoring security issues as an immediate response.

Noor explains that some older email security systems are rules-based, but they are not intelligent enough to catch random emails escaping. Machine learning instead creates a more adaptive picture of what actually goes on in a law firm.

But, one might ask, is this really a big deal? Lawyers don’t send emails to the wrong people do they, or at least extremely rarely? And if so, then how can using AI to stop it be the basis for a burgeoning tech start-up?

Well, first here is a fact: CheckRecipient has according to Crunchbase received almost a $1m in funding from multiple investors. Not bad for a new company founded in the UK by three former post-grad students from Imperial College London: Tim Sadler, Tom Adams and Ed Bishop.

And here is the second finding: data published by the Information Commissioner’s Office shows that misaddressed emails are the number one digital data security incident reported to the organisation, thus highlighting how prevalent the problem is.

Based on analysis of law firm email send error rates, then if one looks at a large law firm with perhaps hundreds, if not thousands, of lawyers and employees this could mean quite a large handful of potentially damaging information leaks occurring every month.

And if you still don’t think wrongly sent email from law firms are an issue, then consider this: why does every law firm on the planet add an enormous footer to their emails warning the recipient about what they should do if they’ve received the email in error? Clearly law firms are well aware of this issue, they just have not had sufficient tech solutions to solve the problem.

Sometimes the mistakes are because of ‘fat fingers’, sometimes because of auto-fill errors when typing addresses and sometimes they are the result of malicious spoofing with cyber criminals deliberately using very similar email addresses to trick people into handing over funds or data. The latter example has happened many times to law firms and is increasingly reported in the mainstream press.

Noor also mentions that several large law firms have taken up the technology. Travers Smith, for example, is one UK law firm that has publicly acknowledged using the system.

What this perhaps shows is that legal tech start-ups may need to wield very smart and advanced technology, such as machine learning, but the problems they need to solve to be of use to lawyers are in fact sometimes of the simplest nature.

Nevertheless, CheckRecipient will probably make a lot of lawyers sleep better at night knowing they have not accidentally sent a client’s merger documents to the wrong person.

And that perhaps is the key to creating a winning legal tech application: solve, reduce or remove the causes of pain.